Wim Bervoets (Migrated from SEC-2118) said:
The MANIFEST.MF file in the the 3 Spring Security jars contains Import-Package declarations with a version range that excludes Spring 3.2.0.RELEASE
(eg. org.springframework.beans;version="[3.0.7.RELEASE, 3.2.0)")
In an OSGI environment where Spring 3.2 is deployed, the Spring Security bundle can't be deployed as the Import Packages doesn't include 3.2.0 in the version range.
In attachment you can find patched jars with an update MANIFEST.MF
Wim Bervoets said:
I don't understand the the type was changed to Improvement. It is a bug (eg. impossible to use Spring Security with Spring 3.2 in an OSGI environment)
@wim Bervoets did you test the bundles that you patched ? Do they work for you ? If yes what environment are you using, because I have some issues using them with Virgo 3.6.
Any news about a release date for Spring Security that will work with the Spring Framework 3.2 in OSGI ?
@armin, yes they are working for us. These are the only 3 jars we're using from spring security, maybe you need to patch some additional ones.
The only change is in the MANIFEST.MF files in the Import-Packages section. Eg. Spring Beans 3.2 is excluded by
I've changed it to org.springframework.beans;version="[3.0.7.RELEASE, 3.3.0)
We use Apache Felix OSGI container
Rob Winch said:
It was changed to enhancement because Spring 3.2 was not released at the time. Updating to support Spring 3.2 in an OSGi environment is no different than updating to support any other framework.
Rainer Burgstaller said:
wbervoets: at least the web package is still excluding the 3.2.0 versions for org.springframework.jdbc.core, org.springframework.expression. So your attached files won't work.
Attached is the corrected web jar
Jean-Pierre Bergamin said:
Please see SpringSource#29
Thank you for the submission. This is now fixed.
Craig Foote said:
Am I seeing the same problem with org.springframework.security.remoting_3.1.3.RELEASE with an Import-Package on org.springframework.
remoting.httpinvoker;version="[3.0.7.RELEASE, 3.2.0)" from org.springframework.web but not compatible with version 3.2.1? Anyone have a patched version for that?
There is no target date for Spring Security 3.1.4 at this time. This is due to the fact that
@rob, let's agree we differ opinion on the type of ticket (for us it is a critical bug as one would expect that the latest stable version of Spring security can be used with the latest stable spring framework version; there are no docs that say otherwise)
Why not make the Spring Security 3.1.x branch more stable then it already is, so we don't need to create patched jars :-) For most of your users it'll be only updating a version tag in Maven pom.xml file...
Due to the popularity of this issue, we will be making a 3.1.4 release sometime next week. The OSGi version will be following within a week of the release. I understand that the delay with the OSGi version is not ideal, but given our current situation this is the best we can do. Please stay tuned to this issue and/or springsource.org for the release announcement. I will also post on this ticket when additional information about the OSGi version becomes available.
We have released 3.1.4, and expect the OSGi version later this week. See http://www.springsource.org/node/22598
You can now find the 3.1.4 release in the EBR
Thanks, works great :)
This issue duplicates #2359